Johnson, Winter and Slattery | | Dec 2020
The Consumer Data Right scheme came into effect [in Australia] for the banking sector earlier this year. It will evolve as it expands into the energy and telecommunications sectors until it applies economy-wide.
While the focus has been on the data sharing obligations, the CDR scheme extends beyond this. Record-keeping, the Privacy Safeguards and mandatory reporting obligations may already apply to organisations that hold data which has been designated as CDR data. Keeping abreast of developments is essential to remaining compliant.
The key provisions of the CDR were introduced in August 2019 as Part IVD to the Competition and Consumer Act. The CDR is designed to increase consumer data portability, sector by sector, improving consumers’ ability to compare and switch between products and services, thus increasing competition and innovation within affected sectors.
Part IVD sets out the scope of data sharing obligations, the process by which data may be shared, data security requirements and some privacy safeguards. Data covered by the CDR scheme is designated by legislative instruments and relates to products offered by service providers (Product Data) and personal data about the consumers (Consumer Data). Further nuances to the application of the CDR (including when obligations to share Product Data and Consumer Data become mandatory) are set out in the CDR Rules and data standards.
The persons affected by the CDR scheme are:
The success of the CDR will depend on whether consumers trust the security and integrity of the sharing of their Consumer Data. For that reason, there is a strong focus on the data security and privacy of consumers, including: